On 23 November 2017 the Attorney General’s Department announced that Australia will participate in the APEC Cross Border Privacy Rules. The announcement follows public consultation with industry stakeholders in July 2017.
The APEC Cross order Privacy Rules (CBPR) System facilitates the flow of personal information across borders and was developed by participating APEC economies with the aim of building consumer, business and regulator trust in cross border flows of personal information. Participating businesses are required to implement data privacy policies consistent with the APEC Privacy Framework.
The APEC Privacy Framework draws on concepts introduced into the OECD’s 2013 Guidelines on the Protection of Privacy and trans-Border Flows of Personal Data and reaffirms the value of privacy to individuals and to the information society. The APEC Framework specifically addresses the importance of protecting privacy while maintaining information flows and recognises the importance of:
- Implementing appropriate privacy protections for personal information and in particular from the harmful consequences of intrusions and the misuse of personal information;
- The free flow of information to trade, and to economic and social growth;
- Enabling global organisations that collect, access, use or process data in APEC member economies to develop and implement uniform approaches within their organisation for global access too, and use of, personal information;
- Encouraging organisations to be accountable for all personal information under their control;
- Empowering enforcement bodies to protect individual privacy; and
- Advancing international mechanisms to promote and enforce privacy while maintaining the continuity of information flows among APEC economies and trading partners.
Importantly, the Framework is intended to provide clear guidance and direction to businesses in APEC economies on common privacy issues, including by highlighting the reasonable privacy expectations of the modern consumer.
Over the coming months, the Attorney General’s Department will work closely with the Office of the Australian Information Commissioner and businesses to implement the CBPR system requirements in a way that will ensure long-term benefits for Australian businesses and consumers.
Data Governance Australia will engage with the Government and the Regulator on developed CBPR system requirements and will develop resources and tools for our Members as the Australian framework is clarified and implemented.